So your Twitter account is hacked? Reset, tweet, pray.

More than a quarter million Twitter accounts have been hacked
worldwide, the social media company disclosed in February, but Tuesday's attack
on The Associated Press's verified account, @AP, had unusual effect. The Dow
Jones industrial average fell 143 points after someone hijacked the AP's account
to falsely
tweet that two explosions at the White House had wounded President Barack
Obama. The market recovered, but the hacking--just the latest in a series of attacks
on news organizations--sent shudders through a profession that's grown accustomed
to breaking its news on Twitter.

So what to do if your Twitter account is hacked? The best
advice is not to let it happen in the first place; the AP said the attack on its
Twitter account was preceded by a phishing expedition--an attempt to extract
usernames and passwords--that was launched against its corporate network.

We'll work backward in this piece. If your account has already
been hacked, a first step is to request a password reset from Twitter by going
to this Twitter page, "My
account has been hacked," and then using the password reset form and
following instructions.

If you still see unauthorized Tweets indicating the account
remains hijacked, the next step is to check the external applications accessing
your account. Steve Hill, an Indiana-based, internet technology blogger, recommends
going into your Twitter account's settings and clicking on applications to see
the list of apps, such as Facebook or TweetDeck, that are being allowed access
to your account. "Identify the applications you don't recognize or are not
comfortable allowing access," adds Hill, "and click 'Revoke Access.'" Then try
resetting your Twitter password again.

Beginning Tuesday evening, CPJ sought out the advice of analysts
and fellow journalists, a collection that we've Storified. Several
followers suggested some good preventive steps, while others expressed bewilderment
about what they might do in case of an attack.

The goal of this tactic is to get your message heard by a
human being who can respond. In that vein, you could also tweet at individual
Twitter staff members you know or who might be receptive to your problem.

But whatever you do, don't bother calling Twitter on the
phone. The firm's San Francisco line answers with a recording saying, "For
customer support, press 1." After you press 1, another recorded voice says, "Unfortunately,
Twitter does not provide user support over the telephone."

The voice on the recording goes on to suggest that you try
Twitter's Help Center at support.twitter.com.
The voice continues: "Our help center contains information about contacting our
team via email." But any such email addresses on the Help Center page are
either missing or very hard to find, which may explain why @digiphile concluded
his Tweet by suggesting that you add a dose of prayer to your efforts.

Twitter has been criticized for
failing to deploy two-step (or two-factor) authentication,
which would make it harder for hackers to gain access to an account. Providers
such as Google, Microsoft, and Facebook already offer this. Wired reported Tuesday that Twitter is now testing
a two-step process with hopes of releasing it incrementally to users. Wired
describes the two-step process:

When
logging in from a new location, it requires users to enter a password and a
randomly generated code sent to a device, typically via a text message or
smartphone application. In other words, accessing an account requires having
two things: something you know (the password) and something you have (a
previously registered device).

But for now, security is
mainly in your own hands. Some basic steps can help limit your exposure. Avoid
clicking on any strange links that come to you within either your Twitter feed
or Direct Messages on Twitter. "Think before you click!" advises
Andrea Vahl, a social media consultant, author, and community manager of
the online magazine Social Media Examiner.

Change your password regularly and make sure it is a strong
password involving multiple types of characters like r7#. The CPJ
Journalist Security Guide recommends creating a
passphrase using different character types that you will remember and that
is unique to you. Something like, Icbm#&!Tawh, for "I can't believe my
#&! Twitter account was hacked."

Make sure you are on Twitter's actual site before logging on,
Vahl notes. A website can be made to look like Twitter so check the URL to be sure
that it says: https://twitter.com. Twitter
automatically loads an https address, which provides more security than the
simple http. Vahl also recommends adding your mobile number to your account. "Twitter
can verify your account if it's been hacked through your mobile phone and
restore your access quicker," she notes.

Twitter has a page, "Keeping your account secure,"
that explains preventive measures in detail. The page also reminds users to
keep their computer and operating systems updated with the most recent security
patches and anti-virus software. This is important. Many journalists and human
rights activists working in less developed nations can attest to the risk of
having one's devices infected through the use of pirated or outdated software.

Enrique Piraces, a colleague at Human Rights Watch who
specializes in digital security, tells us that preventative steps are especially
important for those who don't work for large organizations. In response to our queries, he said that dealing with a hacking attack on your own poses big challenges.

@pressfreedom Good/hard question. Unless part of a large org most channels r ad-hoc, reactive. That is why prevention goes a long way.

1 comments

I have been suspended several times I have used the help option to await a 'ticket' several times but. It claims that am not suspended while twitter support says am suspended, I believe am hacked the e-mail address is not applicable and therefore I have no way to 'contest' my case?
Please help

Face-blurring comes into focus for journalists

July 20, 2012 5:24 PM ET

This week, YouTube announced a feature that should catch the eye of video journalists and bloggers working in dangerous conditions. After uploading a video to YouTube, you can now deploy a "blur faces" post-production tool that, in theory, should disguise the visual identity of everyone on the screen. The...

Can selective blocking pre-empt wider censorship?

February 3, 2012 5:14 PM ET

Last week, Twitter provoked a fierce debate online when it announced a new capability--and related policy--to hide tweets on a country-specific basis. By building this feature into its website's basic code, Twitter said it hoped to offer a more tailored response to legal demands to remove tweets globally. The...